Slashdot Mirror
Windows 10 Privacy Changes Appease Watchdogs, But Still No Data 'Off-Switch' (zdnet.com)
Earlier this month, Microsoft announced several privacy changes in Windows 10, but it didn't give users an option to completely opt-out of data-collection feature. The announcement came at a time to coincide with a statement by the Swiss data protection and privacy regulator, the FDPIC, which last week said it would drop its threats of a lawsuit after the company "agreed to implement" a string of recommendations it made last year. The news closed the books on an investigation that began in 2015, shortly after Windows 10 was released. Though the Swiss appear satisfied, other critics are waiting for more. The French data protection watchdog, the CNIL, was equally unimpressed by Microsoft's actions, and it served the company with a notice in July to demand that it clean up its privacy settings. In an email, the CNIL said that the changes "seem to comply" with its complaint, but it's "now analyzing more in [sic] details Microsoft answers in order to know whether all the failures underlined in the formal notice do now comply with the law." ZDNet adds: Microsoft still hasn't said exactly what gets collected as part of the basic level of collection, except that the data is used to improve its software and services down the line; a reasonable ask -- but one that nonetheless lacks specifics. Microsoft said it wants users to "trust" it. And while the likelihood that the company is doing anything nefarious with users' information is frankly unlikely, the running risk is that the data could somehow be turned over to a government agency or even stolen by hackers is inescapable. That risk alone is enough for many to want to keep what's on their computer in their homes. While changing the privacy controls is a move in the right direction, it's still short of what many have called for. By ignoring the biggest privacy complaint from its consumer users -- the ability to switch off data collection altogether -- Microsoft has favored the "just enough" approach to appease the regulators. Without a way to truly opt-out, Microsoft's repeated pledge (eight times in the blog post, no less) to give its users "control" of their data comes off as a hollow soundbite.
This CAREER IT TECHNICIAN, will NEVER recommend it. Currently, we Recommend its REMOVAL from all workstations, and a regression to a safer, less intrusive, more compatible OS, that isn't able to uninstall things to make way for its own broken updates... Win 10 has uninstalled the following applications from our Users systems WITHOUT permission or ANY user interaction required... 1. Quickbooks. 2. Sage Accounting 3. Wintac (HVAC CRM) 4. Connectwise (IT CRM) All uninstalled from multiple systems, without permission, causing DAMAGE to several of our Business Class Environments, and taking 4 clients networks DOWN, as they primarily used Quickbooks. When its down they cannot function. It also damaged the Wintac Database, by uninstalling it WHILE IT WAS OPERATING! Win10 is by far and wide the VERY WORST thing ever produced and sold as an OS!
I will simply refer you to my comment in last week's discussion on "Microsoft To Enhance User Privacy Controls In Upcoming Windows 10 Update": here
Bottom line: Microsoft's only objective was "get people to quit trashing us openly". Of course, the current state very well could have been their desired end goal and they went extreme from the outset to give them room to appear to compromise. Either way, whether or not it was planned, they make themselves look (comparatively) like the good guys.
This view is disgusting:
Microsoft still hasn't said exactly what gets collected as part of the basic level of collection, except that the data is used to improve its software and services down the line; a reasonable ask
Reasonable? Why should I spend my money on electricity and bandwidth to help the commercial product of a multi-billion dollar corporation? Why don't they pay people to do QA any more? Why don't they pay users if the data has business value?
Fuck that. It is NOT a reasonable ask, it's ridiculous.
The problem is endemic far and beyond Microsoft. While the data on your PC is something people take personally, other companies performing tech support for products less often encountered by end-users are playing it fast and loose with their customer's data in the name of support.
In the networking space, if you call in any request to fix or enhance a product, the front line TAC these days has been told to have you collect a pretty thorough dump of the device configuration database. These databases are not necessarily in any sort of human readable form, but those who know what to look for can easily see that they often include private crypto keys, password hashes or sometimes even cleartext passwords, and more detail about the internal layout of the most sensitive parts of the customer's network than would be needed to solve a technical problem.
This is plausibly just because these companies have not had enough customers complain, and assigned development the task of omitting potentially sensitive data from these "tech dumps"; But it doesn't take horribly much tinfoil to imagine there could be compromised policy-setters at these companies who stand ready to step on any attempt to rectify this situation.
Finally, to top it off there is a trend to either transfer these files over email since huge attachments are no longer a problem on modern email systems, or to outsource file uploads to dropbox-ish cloud service providers.
So, it would not surprise me if there were quite a few spooks... foreign, domestic, and industrial... working at support departments in major corporations, though the more resourced agencies may not even need to do even that given the lack of hygiene exercised in transferring these files to and around the corporate TAC.
Someone had to do it.